cnvd - cnvd-2021-59592

CNVD-2021-59592

Vulnerability from cnvd - Published: 2021-09-09

Title

WordPress插件跨站脚本漏洞（CNVD-2021-59592）

Description

WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。Prism是美国Prism个人开发者的一个应用软件。是一种轻量级的，可扩展的语法突出显示工具。 Prismatic WordPress plugin 2.8之前版本存在安全漏洞，该漏洞源于插件没有清理或验证它的一些短代码参数，允许具有低至贡献者角色的用户在其中设置跨站点有效负载。目前没有详细漏洞细节提供。

Severity

低

Patch Name

WordPress插件跨站脚本漏洞（CNVD-2021-59592）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://wpscan.com/vulnerability/51855853-e7bd-425f-802c-824209f4f84d

Reference

https://wpscan.com/vulnerability/51855853-e7bd-425f-802c-824209f4f84d

Impacted products

Name
WordPress Prismatic WordPress plugin <2.8

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-24408",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-24408"
    }
  },
  "description": "WordPress\u662fWordpress\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002Prism\u662f\u7f8e\u56fdPrism\u4e2a\u4eba\u5f00\u53d1\u8005\u7684\u4e00\u4e2a\u5e94\u7528\u8f6f\u4ef6\u3002\u662f\u4e00\u79cd\u8f7b\u91cf\u7ea7\u7684\uff0c\u53ef\u6269\u5c55\u7684\u8bed\u6cd5\u7a81\u51fa\u663e\u793a\u5de5\u5177\u3002\n\nPrismatic WordPress plugin 2.8\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u63d2\u4ef6\u6ca1\u6709\u6e05\u7406\u6216\u9a8c\u8bc1\u5b83\u7684\u4e00\u4e9b\u77ed\u4ee3\u7801\u53c2\u6570\uff0c\u5141\u8bb8\u5177\u6709\u4f4e\u81f3\u8d21\u732e\u8005\u89d2\u8272\u7684\u7528\u6237\u5728\u5176\u4e2d\u8bbe\u7f6e\u8de8\u7ad9\u70b9\u6709\u6548\u8d1f\u8f7d\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://wpscan.com/vulnerability/51855853-e7bd-425f-802c-824209f4f84d",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-59592",
  "openTime": "2021-09-09",
  "patchDescription": "WordPress\u662fWordpress\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002Prism\u662f\u7f8e\u56fdPrism\u4e2a\u4eba\u5f00\u53d1\u8005\u7684\u4e00\u4e2a\u5e94\u7528\u8f6f\u4ef6\u3002\u662f\u4e00\u79cd\u8f7b\u91cf\u7ea7\u7684\uff0c\u53ef\u6269\u5c55\u7684\u8bed\u6cd5\u7a81\u51fa\u663e\u793a\u5de5\u5177\u3002\r\n\r\nPrismatic WordPress plugin 2.8\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u63d2\u4ef6\u6ca1\u6709\u6e05\u7406\u6216\u9a8c\u8bc1\u5b83\u7684\u4e00\u4e9b\u77ed\u4ee3\u7801\u53c2\u6570\uff0c\u5141\u8bb8\u5177\u6709\u4f4e\u81f3\u8d21\u732e\u8005\u89d2\u8272\u7684\u7528\u6237\u5728\u5176\u4e2d\u8bbe\u7f6e\u8de8\u7ad9\u70b9\u6709\u6548\u8d1f\u8f7d\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress\u63d2\u4ef6\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-59592\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress Prismatic WordPress plugin \u003c2.8"
  },
  "referenceLink": "https://wpscan.com/vulnerability/51855853-e7bd-425f-802c-824209f4f84d",
  "serverity": "\u4f4e",
  "submitTime": "2021-07-14",
  "title": "WordPress\u63d2\u4ef6\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-59592\uff09"
}

CVE-2021-24408 (GCVE-0-2021-24408)

Vulnerability from cvelistv5 – Published: 2021-07-12 19:20 – Updated: 2024-08-03 19:28

Summary

The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher privilege users, such as editor could exploit this without the need of approval, and even when the blog disallows the unfiltered_html capability.

Severity ?

No CVSS data available.

CWE

CWE-79 - Cross-site Scripting (XSS)

Assigner

WPScan

References

URL

Tags

https://wpscan.com/vulnerability/51855853-e7bd-42…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Jeff Starr	Prismatic	Affected: 2.8 , < 2.8 (custom)

Credits

apple502j

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:28:23.801Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/51855853-e7bd-425f-802c-824209f4f84d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Prismatic",
          "vendor": "Jeff Starr",
          "versions": [
            {
              "lessThan": "2.8",
              "status": "affected",
              "version": "2.8",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "apple502j"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher privilege users, such as editor could exploit this without the need of approval, and even when the blog disallows the unfiltered_html capability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-12T19:20:51",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/51855853-e7bd-425f-802c-824209f4f84d"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Prismatic \u003c 2.8 - Contributor+ Stored XSS",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24408",
          "STATE": "PUBLIC",
          "TITLE": "Prismatic \u003c 2.8 - Contributor+ Stored XSS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Prismatic",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.8",
                            "version_value": "2.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Jeff Starr"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "apple502j"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher privilege users, such as editor could exploit this without the need of approval, and even when the blog disallows the unfiltered_html capability."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/51855853-e7bd-425f-802c-824209f4f84d",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/51855853-e7bd-425f-802c-824209f4f84d"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24408",
    "datePublished": "2021-07-12T19:20:51",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:28:23.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-59592

CVE-2021-24408 (GCVE-0-2021-24408)

Tags

Sightings

Nomenclature